1. 技术文章
  2. Force www. and https in nginx.conf (SSL)

Force www. and https in nginx.conf (SSL)

孤街醉人 提交于 2020-06-09 12:08:43

问题


After purchasing a SSL certificate I have been trying to force all pages to secured https and to www.

https://www.exampl.com is working and secure but only if type it in exactly. www.example.com or example.com are still pointing to http.

We use nginx as a proxy and need to input the rewrite there. I have SSH / root access via Putty. I have accessed nginx.conf by inputting into putty.

Now what? Do I input the nginx commands on this page? Starting where the cursor is? Any command lines first?

HTTPS:

.htacess – Original code I was given before I found out I had to input into nginx

RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Nginx code converter – This is how it shows on the converter. Is everything on the correct lines?

# nginx configuration location / {
if ($http_host ~* "^example.com"){
rewrite ^(.*)$ http://example.com/$1 redirect; } }

and then

WWW

.htacess – Original code I was given before I found out I had to input into nginx

#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]

Nginx code converter – This is how it shows on the converter. Is everything on the correct line?

# nginx configuration location / { 
if ($http_host ~* "^example.com"){ 
rewrite ^(.*)$ http://www.example.com/$1 redirect; }

}

Do I then save? Restart?

Any help would be greatly appreciated. I have been battling this for weeks. My Hosting company helped as far as they could, now I am learning on the fly…. Or should I just stop and hire a developer? $$$

Thanks


回答1:


The best way to implement WWW and HTTPS redirection is to create a new server section in Nginx config:

server {
    listen      80;   #listen for all the HTTP requests
    server_name example.com www.example.com;
    return      301         https://www.example.com$request_uri;
}

You will also have to perform https://example.com to https://www.example.com redirection. This may be done with code similar to the following:

server {
    listen              443 ssl;
    server_name         example.com;

    ssl_certificate     ssl.crt; #you have to put here...
    ssl_certificate_key ssl.key; #   ...paths to your certificate files
    return      301     https://www.example.com$request_uri;
}

And of course, you must reload Nginx config after each change. Here are some useful commands:

check for errors in the configuration:

sudo service nginx configtest

reload configuration (this would be enough to make changes "work"):

sudo service nginx reload

restart the whole webserver:

sudo service nginx restart

Important note:

All your server sections must be inside http section (or in a file included in http section):

http {
    # some directives ...
    server {
        # ...
    }
    server {
        # ...
    }
    # ...
}



回答2:


The following solution seems to be clear and simple, everything defined in one server block. So with this setup I force everything to https://www.domain.tld, so both handlers are here non-HTTPS and non-WWW on HTTPS. There are two IF's but if you don't want to duplicate entire SSL block two times to handle it... this is the way to do it.

server {
    listen 80;
    listen 443 ssl;

    server_name domain.tld www.domain.tld;

    # global HTTP handler
    if ($scheme = http) {
        return 301 https://www.domain.tld$request_uri;
    }

    # global non-WWW HTTPS handler
    if ($http_host = domain.tld){
        return 303 https://www.domain.tld$request_uri;
    }
}

And even better solution to avoid IF's:

# Redirect all traffic from HTTP to HTTPS
server {
    listen 80;

    server_name example.com www.example.com;

    # Destination redirect base URI
    set $RURI https://www.example.com;

    location / {return 301 $RURI$request_uri;}
}

# Redirect non-WWW HTTPS traffic to WWW HTTPS
server {
    listen 443 ssl;
    # NOTE: SSL configuration is defined elsewhere
    server_name example.com;
    return 301 $scheme://www.$host$request_uri;
}

# MAIN SERVER BLOCK
server {
    listen 443 ssl;
    # NOTE: SSL configuration is defined elsewhere
    server_name www.example.com;
}



回答3:


If you have a sites-enabled directory, do not use the "http" top directive. Just create another file (with any name) in the site-enabled directory that has:

server {
    listen      80;   #listen for all the HTTP requests
    server_name example.com www.example.com;
    return      301         https://www.example.com$request_uri;
}

and comment out the line 

listen 80;

where the server_name is the same in the other file that serves www.example.com




回答4:


I searched a lot , finally this is my right answer. also remember to add a www A record in your domain registar's dns control panel. 

 # Force all users to https://www.example.com
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
    return 301 https://www.example.com$request_uri;
}
server {
    listen 443 ssl;
    server_name www.example.com;
    root /var/www/html

    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;
    ssl_certificate /etc/nginx/ssl/www.example.com.pem;
    ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
}


来源:https://stackoverflow.com/questions/32486739/force-www-and-https-in-nginx-conf-ssl

标签
ssl
nginx
https
www-mechanize
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!